From 49f70f198a0bd1b72ae05b76ba8c2a013aa9ec5b Mon Sep 17 00:00:00 2001
From: Andrew Cady <d@jerkface.net>
Date: Sun, 26 Mar 2017 23:08:20 -0400
Subject: Ensure we can decrypt the luks key before attempting to use it

This just fails earlier when the wrong GPG key is used.

The correct solution is to avoid the failure by testing for GPG keys
before offering disks to boot.
---
 src/initrd/btrfs-create.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'src/initrd')

diff --git a/src/initrd/btrfs-create.sh b/src/initrd/btrfs-create.sh
index 3066331..c076b9e 100644
--- a/src/initrd/btrfs-create.sh
+++ b/src/initrd/btrfs-create.sh
@@ -224,12 +224,18 @@ open_samizdat_blockdev_from_loop()
 open_samizdat_blockdev()
 {
   local dev="$1" keyfile="$2"
+  local cryptname=samizdatcrypt decrypted_keyfile=/luks.secret
 
-  local cryptname=samizdatcrypt
   gpg2 --verify "$keyfile" || return
+
+  # TODO: we should be ensuring we can decrypt this secret key before even
+  # offering the option to boot the encrypted filesystem
+
   # The first --decrypt merely strips the signature.  The option is
   # poorly named for that case.
-  gpg2 --decrypt "$keyfile" | gpg2 --decrypt | cryptsetup --key-file - luksOpen "$dev" "$cryptname" || return
+  gpg2 --decrypt "$keyfile" | gpg2 --decrypt > "$decrypted_keyfile" || return
+
+  cryptsetup --key-file "$decrypted_keyfile" luksOpen "$dev" "$cryptname" || return
 
   [ -b /dev/mapper/"$cryptname" ] || return
 
-- 
cgit v1.2.3